##
# This file is part of the Metasploit Framework and may be subject to 
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##

require 'msf/core'

class Metasploit3 < Msf::Auxiliary

	include Msf::Exploit::Remote::HttpClient
	#include Msf::Exploit::Remote::Tcp

	def initialize
		super(
			'Name'        => 'md5crack.com Hash Searcher',
			'Version'     => '$Revision:$',
			'Description' => %q{
				Send a hash to md5crack.com and return result if its there.
			},
			'References'  =>
			[
				[ 'URL', 'http://carnal0wnage.attackresearch.com' ],
			],
			'Author'      => [ 'CG' ],
			'License'     => MSF_LICENSE
			)
			
				register_options([
					Opt::RHOST('www.md5crack.com'),
					Opt::RPORT(80),
					OptString.new('MD5HASH', [ TRUE, 'The hash to send.', '098f6bcd4621d373cade4e832627b4f6']),
			], self.class)
	
	end

	def run
		
		md5 = datastore['MD5HASH']
		print_status("Sending #{md5} hash to md5crack.com...")
		postrequest = "term=#{md5}&crackbtn=Crack+that+hash+baby%21"

		begin
		
			res = send_request_cgi({
				'uri'     => '/crackmd5.php',
				'method'  => 'POST',
				'data'   => postrequest,	                                                                
			}, 30)

			if ( res and res.code >= 200)
					if (res.body =~ /Found:/)
					match = res.body.match(/md5\(\"(.*)\"\)/)
					plaintext = $1
					print_status("plaintext md5 is: #{plaintext}")
				else
					print_status("Hash not in database")
				end
			else
				#''
				print_status("Received a #{res.code}")
			end
		
		end
	end
end

